IN THE CLAIMS 

1. (original) A transaction authorisation system comprising means 

for authorising a transaction according to stored conditions 
and for interfacing with a transaction system, wherein 

the authorisation system (2) comprises an authorisation model 
(4) having a plurality of authority states (10) defining a 
plurality of required signatories for authorisation of a 
proposed transaction; 

the system (2) comprises means for allowing online user 
definition and updating of the model (4) using user client 
systems; and 

the system comprises means (3) for receiving a request for a 
proposed transaction, for determining an applicable authority 
state (10), and for authorising the proposed transaction when 
sufficient signatory approvals have been received to satisfy 
the authority state. 

2. (original) A transaction authorisation system as claimed in 
claim 1, wherein at least some authority states comprises a 
signatory group (21) of signatory nodes (24), whereby all 
signatories of the group must approve. 

3. (original) A transaction authorisation system as claimed in 
claim 1, wherein at least some authority states (10) comprise a 
signatory set (30) of signatory nodes (31), whereby any one 
signatory of the set must approve. 

4. (original) A transaction authorisation system as claimed in 
claim 2, wherein at least some authority states (10) comprise a 
complex hierarchical structure of groups and sub-groups, the 
structure comprising at least three hierarchical levels. 
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5. (original) A transaction authorisation system as claimed in 
claim 3, wherein at least some authority states (10) comprise a 
hierarchical structure of sets and sub-sets. 

6. (original) A transaction authorisation system as claimed in 
claim 1, wherein each authority state (10) is associated with a 
transaction type as defined by conditions (11) . 

7. (original) A transaction authorisation system as claimed in 
claim 6, wherein the system (2) comprises a template update 
interface comprising means for allowing users to update and define 
the conditions using a graphical display. 

8. (original) A transaction authorisation system as claimed in 
claim 7, wherein said interface (30) comprising means for allowing 
users to define the authority states (10) using a graphical 
display. 

9. (original) A transaction authorisation system as claimed in 
claim 7 , wherein the system (2) comprises means for storing a user- 
defined template for each associations of conditions (11) and 
authority state (10), for determining (42) a relevant template for 
a proposed transaction if parameters of the proposed transaction 
satisfy the conditions, and for retrieving an authority state (10) 
associated with the template. 

10. (original) A transaction authorisation system as claimed in 
claim 1, wherein the system comprises means for transmitting (49) 
a notification to all signatories of a selected authority state 
(10), and for dynamically monitoring (50) received responses to 
determine if the authority state is satisfied. 
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11. (original) A transaction authorisation system as claimed in 
claim 1, wherein the system (2) further comprises means for 
downloading a wizard program (55) via an encrypted connection to a 
user client system (1), the wizard program (55) being for guiding 
a user through a process of defining the control model (4). 

12. (original) A transaction authorisation system as claimed in 
claim 1, wherein the system (2) comprises an online server (3) for 
user access, said server comprising 

a web channel (60, 61) for user control model definition; 
and 

a channel manager (70, 71, 72) for real time transaction 
execution. 

13. (original) A transaction authorisation system as claimed in 
claim 12, wherein the web channel comprises an account list 
filter (61) comprising means for building a list of allowable 
funding accounts associated with a user. 

14. (original) A transaction authorisation system as claimed in 
claim 12, wherein the web channel further comprises a transaction 
type filter (60) comprising means for building a list of 
allowable transaction types associated with a user. 

15. (original) A transaction authorisation system as claimed in 
claim 12, wherein the channel manager comprises an authorisation 
data manager (71) comprising means for building look-up tables 
within objects by querying a rule database. 

16. (original) A transaction authorisation system as claimed in 
claim 15, wherein the authorisation data manager (71) comprises 
means for building said objects at the start of a user session 
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and for caching said objects for processing of request by the 
user. 

17. (original) A transaction authorisation system as claimed in 
claim 15, wherein the channel manager comprises an authorisation 
rule engine (70) comprising means for querying the authorisation 
data manager (71) to check if a proposed transaction meets 
transaction conditions, and for managing notification of 
signatures specified in the relevant authority state. 

18. (original) A transaction authorisation system as claimed in 
claim 17 , wherein the system further comprises a role manager 
(72) comprising means for:- 

authenticating a user to determine a user identifier; 

using the identifier to determine a plurality of roles 
associated with the user, said roles containing access 
level permission values; 

building a role object comprising a combination of all 
of said role permission values; and 

using said role object to control user access to the 
system during a session. 

19. (original) A transaction authorisation system as claimed in 

claim 18, wherein said permissions comprise "enabled", 
"excluded", and "don't care" flags for a user for an 
access level. 

20. (original) A transaction authorisation system as claimed in 
claim 19, wherein the role manager comprises means for combining 
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the permission values with an excluded flag over-riding enabled 
flags . 

21. (cancelled) 

22. (original) A computer program product comprising software 
code for performing authorisation operations of an authorisation 
system of claim 1 when executing on a digital computer. 



7 



